I have received this email from Spiral Hosting, the host used for Metal Type:

We've been contacted by several customers asking about the recently discovered vulnerability in "OpenSSL 1.0.1f". The vulnerability is known as the Heartbleed bug. It has been discovered by security experts and it is thought to affect up to 500,000 web servers worldwide. The vulnerability is receiving global news coverage. Technology companies and software providers like ZenCart are advising website owners to contact their web hosting providers.

The vulnerability allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for website, email and FTP applications. The vulnerability is known as CVE-2014-0160 and detailed information is available on the CVE website http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 and also http://heartbleed.com

We wish to advise that we are aware of the security vulnerability and every web server that we manage has been patched. Hence, your website is NOT at risk.

Please do not hesitate to contact us if you have any questions or concerns.